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REMARKS 

Status of the Claims 

Claims 1-25 were in the application as originally filed. Claims 26 and 27 were 
added by amendment upon filing of a RCE. Claims 1-21 were subject to a restriction 
requirement and were withdrawn from this application. 

Claims 22-27 were subject to the examination reflected in the present Office 
action, in which: 

Claims 22-27 stand rejected under 35 U.S.C. § 103(a) as obvious over U.S. Patent 
6,079,020 to Liu (hereinafter, "Liu") in light of U.S. Patent Application Publication 
2004/0107286 by Larson (hereinafter, "Larson"). 

Arguments in Support of the Patentability 
of Claims Remaining in the Application 

Claims 22-27 stand rejected under 35 U.S.C. § 103(a) as obvious over Liu in light 
of Larson. This rejection is respectfully traversed. 

In rejecting claim 22, Examiner cites to Liu's: 

FIGs. 1 and 2 and Abstract as teaching the subject matter of the preamble, 

[210] as teaching the "receiving" step, 

col. 7, lines 8-67 as teaching the "multiplexing" step, and 

[240] as teaching the "modifying" step. 
Examiner acknowledges that Liu does not explicitly show "providing network 
destination address information from a DNS server...." However, Examiner finds this 
"providing" step in "a method for establishing secure communication" in Larson's 
[0024], [0225], [0260-0268]. From these teachings of Larson, and further in view of 
Larson's Abstract, Examiner concludes that it would have been obvious to a person of 
ordinary skill in the art to modify Liu by including the step of "providing network 
destination address information from a DNS server. ..." Specifically, it is said by 
Examiner that "one of ordinary skill in the art at the time of the invention would have 
been motivated in order to automatically create of [sic] a VPN in response to a DNS 
server look-up function, citing more particularly to Larson's [261]. 
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Initially, it is respectfully submitted that Examiner's characterization of Liu is in 
error and the reading of Liu on claim 22 is a misapplication of the purpose and teachings 
of Liu. In this regard, it is important to emphasize that the language of claim 22 
expressly includes the language "a method practiced at a network interface unit (NIU) 
directly connected to at least one local area network (LAN) . . . ." [Emphasis added.] 

Examiner applies FIGs. 1 and 2, and the Abstract of Liu to the preamble of claim 
22. Examiner's cite to 210 in FIG. 2 as corresponding to applicant's "receiving data 
packetes from at least one device on said LAN" makes it clear that Examiner's rejection 
of claim 22 regards Liu's VPN gateways, such as 1 15. 125, or 135 to function as 
applicants' NIU (102, 202 or 302, for example). But Liu's VPN gateways and their 
relationship to VPN Management Station 160 shown in FIG. 1 present structure and 
functioning that is fundamentally distinct from that disclosed and claimed with respect to 
applicants' NIU. 

Liu's VPN Management Station 160 is an attempt to avoid manual configuring of 
a plurality of VPN gateways to avoid potential errors and allow remote updating. See 5 
for example, Liu at col. 2, line 52 through col. 3, line 21 . 

In particular, Liu's teachings provide that a command specifiying a network 
operation received at VPN management station 160 for translation into configuration 
information for delivery to VPN gateways affected by the command. (Liu, col 3, lines 8- 
14.) VPN groups are established in the Liu system and VPN processing is performed and 
packets delivered when it is determined that source and destinations are members of the 
same VPN group. (Liu, FIG. 2, 220,240 and 250.) 

Configuration Parameters, as defined in Liu at col. 4, lines 48-50, are 
"parameters sent to a VPN gateway to configure the VPN gateway to appropriately 
handle communications between members of VPNs." Importantly, configuration 
parameters delivered to gateways include specific groups of addresses between which 
communications are to be transmitted securely. In a variation on this embodiment, the 
configuration parameters include Internet Protocol (IP) addresses. Thus, address 
information is provided to gateways to define VPN groups and to individual IP addresses. 
(Liu, col. 3, lines 39-43.) Further illustration of the management of network addresses 
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and the express provision of them to particular gateways is provided by FIGs. 8-10 and 
the discussion thereof at col. 10, line 7 through col. 11, line 9. 

From Liu's description of VPN management station 160 and its relationship to the 
respective VPN gateways (and their VPN groups and addresses), it is clear that Liu's 
VPN management station 160 provides an overall control function for the VPN gateways. 
This control is directed in large part by the delivery by VPN management station 160 of 
address definitions of VPN groups and the individual IP addresses of source and 
destinations for VPN paths. That is, processing in accordance with Liu's FIG. 2 of 
received packets at Liu's VPN gateways does not include "providing network destination 
address information from a Domain Name System server for at least selected ones of said 
data streams." 

Importantly, if DNS functionality were to be included in Liu's VPN gateways 
(identified in the rejection with applicants NIU), it would defeat the goal of Liu to 
provide a central control at the VPN management station 160 that forms a core of Liu's 
approach. So, not only does Liu not show or suggest "providing network destination 
address information from a Domain Name System server for at least selected ones of said 
data streams" at his VPN gateways, use of such DNS functionality at VPN gateways 
would be counter to Liu's approach of providing VPN gateway information from a 
central source. 

In contradistinction, the invention defined in applicants' present claim 22, recites 
NIU functions including "providing network destination address information from a 
Domain Name System server for at least selected ones of said data streams." This is 
inconsistent with Liu's use of explicit IP addresses and VPN groups defined by addresses 
delivered as configuration parameters by Liu's centralized VPN management station 160. 

Thus, Examiner's cite to Liu's step 250 in FIG. 2 is inapposite. Liu does not 
perform the step of applicants claim 22: "providing network destination address 
information from a Domain Name System server for at least selected ones of said data 
streams." Instead, Liu relies on the explicit download of addresses from his VPN 
management station 160 to individual VPN gateways. 

It should be understood that the DNS function recited in claim 22 is not consistent 
with the operation of Liu's system. That is because explicit address information is 
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downloaded in the form of IP addresses and ranges no DNS function need be performed 
in Liu. Applicants' NIU performs "providing network destination address information 
from a DNS server," thus permitting resolution of address information in applicants' 
NIU . In particular, applicants' DNS function is described, for example, in the 
specification at page 15, line 30 through page 16, line 1, where it is noted that applicants' 
"DNS server 415 provides network address resolution for destinations specified in other 
formats, and substitutes for access to network-based DNS servers commonly used for 
non-secure networking applications." [Emphasis added.] 

The providing of destination address information in the manner recited in 
applicants' claim 22 confers advantages to applicants' embodiments in the form of 
increased flexibility and mobility. That is, reliance on Liu's rigid address format, 
updating from a central VPN management station 160 and rigid adherence to VPN groups 
need not be observed in applicants' claimed invention. This is especially important in 
applications of the present inventive methods where a user is required to move from one 
location to another as discussed, for example, in the specification at page 23, line 28 
through page 24, line 5 where it is noted that 

Thus, for example, a traveling business person will efficiently and simply 
access a corporate headquarters LAN over the Internet by connecting through a 
network interface unit supporting a variety of client devices including one a 
laptop computer, web-enabled cell phone, personal digital assistant and a variety 
of peripheral devices. Such connections will be made from corporate branch 
offices, customer offices, supplier offices, hotel rooms and, via wireless links, 
from virtually anywhere. Such connections will be available over dial-up, cable, 
DSL, private line, wireless and other types of links, the configur ation information 
for which will be automatically derived using present inventive teachings . 
(Emphasis added.) 

Because it would serve no useful function and would defeat the goal of central 
configuration of VPNs using a VPN management station, Liu provides no suggestion of 
"providing network destination address information from a Domain Name System server 
for at least selected ones of said data streams" at a NIU. Therefore, one skilled in the art 
would not look to sources such as Larson to modify the teachings of Liu to include such 
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DNS functionality atanNIU . Moreover, the DNS functionality shown in the cited 
portions of Larson is not performed ataNIU . Moreover, it appears from Larson's 
[0260-0280] and associated FIG. 26 that Larson's approach employs a DNS server 2609 
and DNS proxy server 2610 communicating through a gatekeeper 2603, none of which 
practice applicants' method of claim 22. None of these elements in Larson practice the 
claimed method steps at a NIU . 

No suggestion has been identified by Examiner that Larson performs his DNS 
functioning ataNIU or that Larson (or Liu) contemplate use of a NIU having the 
functionality described in claim 22. There is simply no basis for importing a technique 
from a non-existent NIU in Larson into a non-existent NIU in Liu that would, in any 
event, defeat the purposes sought to be achieved in Liu. 

Accordingly, it is submitted that neither Liu nor Larson, nor any combination of 
them teach or suggest the invention of claim 22. Claims 23-27 include all of the 
limitations of claim 22 and are patentable over Liu or Larson, or any combination of 
them, for the same reasons as claim 22. Neither of Liu or Larson teaches or suggests a 
NIU having the functionality of the elements claimed in claims 22-27. 
Conclusion 

For the foregoing reasons, it is respectfully submitted that claims 22-27 as 
previously amended, overcome or avoid all bases for rejection and are allowable. It is 
requested that all claims be further examined, found allowable and passed to issue. 
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Please address all correspondence to: Samuel H. Dworetsky, Esq., AT&T, P.O. 
Box 4110, Middletown, NJ 07748. Applicant's attorney can be reached at (336) 286- 
5712. 



Respectfully, 

Y. Chen 
M.J. Foladare 
S.B. Goldman 
T. Killian 
N.L. Schryer 
K. Stone 
R.P. Weber 

Date: July 7, 2006 William Ryan, 

Attorney for Applicant 
Reg. No. 24,434 
(908) 464-6602 
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